Data breaches – what’s it gonna take?

Reading up on this, there really is nothing new. To Steve’s point, what is it going to take for us to wake up and realize it’s not a matter of if we’ll get hacked, it’s a matter of when. Today, we are so focused on what to do when we get hacked to mitigate the consequences. There’s US Government regulation for communicating when a breach occurs, but nothing that mandates data protection. In fact, only two states (Nevada & Massachusetts) have laws on the books that mandate the encryption of data. I’m not saying we need government regulation to get us to do something, but what really is it going to take?

In a ZD Net Between the Lines blog written by John Hazard, “Data breach costs rise with criminal attacks”. According to the blog, the Ponemon Institute released their 2010 data breach cost estimates, and according to the Symantec sponsored study, a data breach costs a company on average $7.2 Million, or $214 per compromised record. I recently put together a presentation on the market for self encrypting drives for Seagate, and my 2009 numbers showed $6.75 Million and $204 per compromised record. It’s only going up, and will continue to go up, if we don’t start think about encrypting nearly every single piece of data we generate, especially data at rest.